
The Commonwealth must ensure that its investments in information technology result in systems that are sufficiently interoperable to meet the business requirements of its agencies and to effectively serve its constituencies. This policy articulates the importance of open standards compliance for IT investments in the Commonwealth. For the purpose of this policy, the term open standards is defined as follows:

Open Standards: Specifications for systems that are publicly available and are developed by an open community and affirmed by a standards body. Hypertext Markup Language (HTML) is an example of an open standard. Open standards imply that multiple vendors can compete directly based on the features and performance of their products. They also imply that the existing information technology solution is portable and that it can be removed and replaced with that of another vendor with minimal effort and without major interruption (see current version of the Enterprise Technical Reference Model).

Executive Department Secretariats and their respective Agencies, [1] in addition to any agency or third party that connects to the Commonwealth’s wide area network (MAGNet), must comply with this policy.

Executive Department Secretariats and their respective Agencies are required to ensure compliance by any business partner that accesses Executive Department IT Resources or shared environments, e.g. MAGNet; and

Executive Department Secretariats and their respective Agencies are required to ensure compliance by third parties in any aspect of the process of providing goods and services to their agency.

Other Commonwealth entities are encouraged to adopt security requirements in accordance with this policy or a more stringent agency policy that addresses agency-specific directives, laws, and regulations.

Secretariats and their respective Agencies are required to comply with open standards referenced in the current version of the Enterprise Technical Reference Model (ETRM) when evaluating all prospective IT investments and must review existing IT systems for open standards compatibility as well as enhance these systems to achieve open standards compatibility where appropriate. In addition, open standards solutions must be selected when existing systems are to be retired.

Effective and efficient government service delivery requires system integration and data sharing. The Commonwealth’s technology investments must be made based on total cost of ownership and best value to the Commonwealth. Component-based software development based on open standards allows for a more cost-effective “build once, use many times” approach. In order to ensure compliance with this policy the following controls must be put in place:

ITD will review all agency IT Investment Briefs, project plans and service requests for compliance with this policy before granting approvals.

Agencies must integrate open standards compliance language in all IT bids and solicitations.

All agencies and entities governed by the overarching Enterprise Information Security Policy are subject to the referenced roles and responsibilities in addition to those specifically stated within this supporting policy. The roles and responsibilities for compliance with this policy follow:

Assistant Secretary for Information Technology

The Assistant Secretary for Information Technology has developed mandatory standards and procedures for Secretariats and their respective Agencies to follow before entering into contracts that provide third parties with access to electronic high sensitivity information, including but not limited to personal information or IT systems containing such information.

The Assistant Secretary for Information Technology is responsible for the approval and adoption of the Enterprise Open Standards Policy and its revisions.

SCIOs, Agency Heads, and CIOs are collectively responsible for exercising due diligence in adhering to the requirements contained in this policy, and must either adopt this policy for their agency and/or Secretariat or publish their own in a manner consistent with this policy.

SCIOs, Agency Heads, and CIOs will collectively provide communication, training and enforcement of this policy that support the security goals of the Secretariat, its agencies and the Commonwealth.

Secretariat or Agency Information Security Officer (ISO)

Ensure that the goals and requirements of the Enterprise Open Standards Policy are implemented and met.

Ensure that this policy is communicated to the appropriate parties.

Enterprise Security Board (ESB)

The Enterprise Security Board will recommend revisions and updates to this policy and related standards.

Information Technology Division (ITD)

The Information Technology Division will issue revisions and updates to this policy and related standards.

Third parties

Third parties are required to comply with agency implementation of this policy.

Terms

Key terms used in this policy have been provided below for your convenience. For a full list of terms please refer to the Information Technology Division’s web site where a full glossary of Commonwealth Specific Terms is maintained.

Entity - An agency, department, secretariat, authority, college or other unit of government of the Commonwealth of Massachusetts.

IT Asset - An IT asset can be a physical IT asset (hardware, network devices, etc.) or a logical IT asset (data, software, licensing, and applications).

Third Party – Private sector companies or individuals that conduct business with MAGNet members.

ETRM - Enterprise Technical Reference Model - is a blueprint for standards that provides the architectural framework for the Enterprise and ultimately is the roadmap to a Service Oriented Architecture for the Commonwealth.

Document History

Date | Action | Effective Date | Next Review Date
01/13/2004 | ITD-APP-01 Published | 01/13/2004 | 01/13/2004
01/23/12 | Reviewed | 1/31/12 | 1/23/13
3/6/2014 | Updated – Approved by CCIO | 3/6/2014 | 1/1/2015

[1] The Executive Department is comprised of the Executive Branch minus the Constitutional Offices, i.e., the State Auditor, State Treasurer, the Attorney General, and the Secretary of the Commonwealth. While the Governor’s Office is also a Constitutional Office, it is covered by all ITD standards and policies.
